LA
Information Security Specialist at a comms service provider with 5,001-10,000 employees
Real User
Scalable, lightweight, and easy to deploy

Pros and Cons

  • "The visibility provided has been great."
  • "The solution needs expanded endpoint query tools."

What is our primary use case?

The product is an endpoint security product. It's kind of like a replacement for a traditional antivirus.

How has it helped my organization?

One of the strong features of the product is its endpoint visibility. It gives you more visibility than a traditional antivirus would give you.

What is most valuable?

The visibility provided has been great.

The ease of deployment is definitely a great selling feature.

The stability is good and the product is pretty lightweight.

The solution scales well.

What needs improvement?

The reporting could be improved. Some of the built-in reporting isn't ideal. They have an API and everything you need that you can kind of hook into the product pretty easily, however, it'd be nice to have some built-in reports instead of having to seek them elsewhere.

The solution needs expanded endpoint query tools.

For how long have I used the solution?

I've been using the solution for about a year.

What do I think about the stability of the solution?

The stability of the solution is good. There are no bugs or glitches. It doesn't crash or freeze. It seems to be a little bit lighter on resources than our previous antivirus.

What do I think about the scalability of the solution?

The product can be scaled pretty high. We have about 3000 sensors deployed. However, it can go a lot higher than that. It depends on your internet connection for the reporting or the information, basically.

We have kind of a desktop security team that is about five individuals that administer the product part-time, and that can access the console. A couple of them are the ones that spend the most time in it.

We use the solution extensively and we may look at expanding the EDR - stepping up to one of the other products and adding capabilities. Therefore, we're likely to increase usage in some form in the future.

How are customer service and technical support?

Technical support needs some improvement. They don't seem to respond so well to technical help. The good thing is we don't need that much, however, they need to probably improve that a little bit for others who might require more assistance.

Which solution did I use previously and why did I switch?

We had McAfee antivirus and it was difficult to tune the policy without compromising security, I would say. Its footprint was a little high. Its performance wasn't that great in terms of end-point performance.

How was the initial setup?

The solution is easy to deploy. The implementation process is simple. It's not overly complex or difficult. 

While the rollout is pretty easy, you have to kind of tune it a little bit for applications as it discovers them.

To deploy a sensor, it takes just a couple of minutes or so. Then, to kind of tune the policy itself, you are probably looking at a couple of weeks.

What about the implementation team?

Initially, we used the services provided by the vendor, like an on-ramp kind of service. They were great. The team was pretty helpful.

What's my experience with pricing, setup cost, and licensing?

We pay about $15 a node. It's just a standard licensing fee and that's it.

What other advice do I have?

I'm just a customer and an end-user.

I've been using the latest version of the solution.

The sensors are on-premises, however, the console is in the cloud. It's a VMware product that runs on Amazon.

I'd advise those considering the solution to seek out some of the training to see if you can get it bundled in with the deployment. The more advanced training, to kind of how to tune the policy and stuff like that, would be helpful to have.

I'd rate the solution at an eight out of ten as there's still room for improvement in things like reporting. However, the impact on performance and the ability to have greater visibility were pluses in my book.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: I am a real user, and this review is based on my own experience and opinions.
SS
IT Manager - System Administration at a pharma/biotech company with 501-1,000 employees
Real User
Top 20
Easy to set up and offers good protection but the on-premises deployment has a lot of issues

Pros and Cons

  • "The initial setup is very easy."
  • "With the on-prem one, the bug has been reported by the community in early January or February, something like that, at the beginning of the year, and it's still not addressed. They have released two versions since then, and yet neither of them addresses this specific issue."

What is our primary use case?

We primarily use the solution for operations and also security. On the security front, we have a specific project that's ongoing right now. We are moving away from the on-prem Carbon Black to the cloud one. 

We primarily use the solution for endpoint protection.

What is most valuable?

The protection of the user machines has been great. For example, if a laptop gets stolen, or let's say, an employee gets let go, the product provides us with the ability to actually lock people out of the network and handle remote wipes and stuff like that.

The initial setup is very easy.

What needs improvement?

The on-prem one was very problematic, especially version 7.2, which did not play nice with Symantec at all. The last upgrade of the client actually triggered a block to the networking, to our active directory domain controllers.

There was a bug that we found in Macs. It was triggering false positives as it wasn't able to figure out the right parent upon login. With the Carbon Black Cloud, we just got it two to three weeks ago. So far, I haven't seen any false positives. The cloud seems to be a much better product.

With the on-prem one, the bug has been reported by the community in early January or February, something like that, at the beginning of the year, and it's still not addressed. They have released two versions since then, and yet neither of them addresses this specific issue.

I need more time to explore the cloud deployment, as we've only had it for three weeks at this point. 

For how long have I used the solution?

It's been at least four years since we started using the solution. Four or five years.

We started with the on-prem one and now we're in yet another project with a cloud deployment.

What do I think about the stability of the solution?

While the on-prem has some bugs we have been dealing with, so far, after using the cloud for three weeks, it's like night and day. It's been very stable. There are no bugs or glitches.

What do I think about the scalability of the solution?

I'm not aware of the scalability capabilities yet, as I don't have the entire company on it yet. We are still in testing mode. We just got the cloud deployment three weeks ago. So I can't really answer that truthfully.

Right now, we have seven people on the solution currently.

How are customer service and technical support?

We haven't yet used the technical support. I can't speak to how helpful or responsive they would be.

That said, we did use technical support when we were on the on-premises version, and they were terrible. We would ask for bug fixes and new versions would come and yet they would not actually fix the problems that were highlighted.

Which solution did I use previously and why did I switch?

We also use Red Cloak, which is a completely different product and something that we still use.

How was the initial setup?

The initial setup is very simple. The cloud version in particular is very simple. It's not overly complex or difficult.

What's my experience with pricing, setup cost, and licensing?

I'm not dealing with the pricing. I can't speak to the costs involved.

What other advice do I have?

There are two versions of Carbon Black that VMware has, one of them is the on-prem one and the endpoint clients are in the user machines and servers, so AWS and data center and VSS.

I'd advise those interested in the solution to go with the cloud deployment model. We've had a lot of issues with the on-premises version.

I'd rate the solution at a seven out of ten. There seems to be quite a disparity between the cloud and on-premises versions. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Updated: October 2021.
JG
Infrastructure and support manager at a healthcare company with 51-200 employees
Real User
Top 5, Leaderboard
Amazing EDR that is responsive but there is no support for Mac and Linux

Pros and Cons

  • "The EDR and reports were helpful in improving our organization."
  • "Based on all the security roles and the release privilege, it could take time for an application to be whitelisted and approved for use."

What is our primary use case?

We used it for EDR, as well as endpoint protection, the whitelisting feature.

How has it helped my organization?

The EDR and reports were helpful in improving our organization.

What is most valuable?

The EDR was amazing. It was very responsive. It did an excellent job of providing us the information we needed in a timely fashion, as long as the latest agent was up-to-date on the client.

What needs improvement?

The whitelisting system, and the concept of it, overall, is pretty decent. The problem with the whitelisting capability is that it's pretty archaic. Based on all the security roles and the release privilege, it could take time for an application to be whitelisted and approved for use.

The Mac support needs improvement, as it had next to none.

The biggest problem we had was the Mac support. It had very little, and my C-suite is almost exclusively Mac, as is my marketing and development department.

For how long have I used the solution?

We had used the Carbon Black CB Defense for two years. We changed to another solution approximately nine months ago.

We were using the latest version at the time.

What do I think about the stability of the solution?

The stability of the on-premises servers had no issues but the resource allocation on the clients was a bit high, especially with having to run two agents. The detection agent, the Whitelist, and the control agent.

What do I think about the scalability of the solution?

We didn't have any problems scaling this solution.

It did the job. It was great for Windows, but it had no Mac support and had nothing for Linux, which makes it hard.

We had 150 users in our organization. Their roles varied from CSF departments through to my C-suite.

How are customer service and technical support?

Technical support seemed pretty good and I didn't have any problems with it. 

If we had a problem or a question, they would get back to us in a reasonable amount of time.

The only place that we ran into trouble was with Macs. That's my general theme here with Carbon Black, unfortunately.

I would rate them an eight or a nine. They were good for the most part.

Which solution did I use previously and why did I switch?

Previously, we were on the Kaspersky Enterprise Solution for a couple of years. It was a signature-based system. Signature-based systems are getting easier to get around by the attackers these days, so we swapped over to something that is a little closer to attack vectors, which says, don't run anything that we don't approve.

How was the initial setup?

The initial setup was moderate.

What other advice do I have?

For others who are interested in using Carbon Black, I would recommend checking your use case. If your use case is Linux and Mac, then it will be problematic, based on my experience.

These days, with VMware taking them over, I'm willing to bet that that's going to change.

I see some redemption in their future, with VMware owning them. VMware is a very strong player in the workspace, and especially with their workspace tool that VMware's building to work with Windows, Mac, and Linux clients, in order to do VDI.

For the Windows endpoints, it was incredibly useful, nothing got through it, which is a bad thing in some cases because we hadn't tagged the certificate platform appropriately. So, it's a bit of an improvement needed there, but the biggest complaint is around the operating systems not being available.

I would rate Carbon Black CB Defense a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Syed Faisal
ICT Manager at SecurEyes
Real User
Top 5
A stable solution which can be flexibly configured

What is our primary use case?

Carbon Black CB Defense is a multi-purpose solution. We can use it for XDR ADF. This way, if someone is trying to attack one's end point, in which there is a script such as PowerShell, but without a signature, the solution will be aware of such an attack and respond accordingly. It will detect the behavior and respond to the SOC.

What is most valuable?

The solution will prevent communication of one compromised device with another. 

What needs improvement?

In the month-long evaluation of the solution that we conducted, we found the POC to not be helpful, owing to the issue the client encountered with the platform, the operating system, which did not lend adequate support. 

While we paid for both on-cloud and on-premises deployment, the issue is not with the entrepreneur's upload, but with the end point. 

And do you have already some customers regarding Carbon Black?

Syed Faisal:
No, even Carbon Black, everyone has this solution for Windows IoT and Linux environment. But this is something called the product called Dell. This is a Dell based, [inaudible 00:02:31]. More or less the Dell [inaudible 00:02:33] which is running Dell customer OS, [inaudible 00:02:39]. But unfortunately we cannot install the agent on it.

The licensing price is a bit expensive when compared with other solutions. 

For how long have I used the solution?

We've been using Carbon Black CB Defense for just a month. 

What do I think about the stability of the solution?

The solution is scalable. 

What do I think about the scalability of the solution?

The solution is stable and the policy can be configured with flexibility. The solution comes with its own pre-built standard policy. Yet, we can write our own, which means the solution serves us going forward. 

How are customer service and technical support?

The tech support is mostly okay. 

How was the initial setup?

The solution is very easy to install.

Full deployment takes no more than an hour. 

What about the implementation team?

Installation can be done on one's own. 

What's my experience with pricing, setup cost, and licensing?

The licensing is a bit pricier than other solutions. 

We pay for the license annually. 

What other advice do I have?

While I do not know the exact number of customers making use of the solution, my understanding is that most of the MNC, multinational companies, and the majority of the banking sector are doing so. 

I would recommend the solution to others.

I rate Carbon Black CB Defense as a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Abbasi Poonawala
Vice President Derivatives Ops IT at a financial services firm with 10,001+ employees
Real User
Top 5, Leaderboard
Monitoring Carbon Black Agents with Forescout Extended Module for CB.

Pros and Cons

  • "Technical support is excellent."
  • "In the next release, it would help if we can get better control over containers."

What is our primary use case?

We use Carbon Black agents that are monitored by the Forescout Extended Module for CB. It will check that CB Agents are deployed and are in a running state to secure containers across the VMware environment.

The dashboard shows the security analyst who looks at the reports of the threats around policies monitoring Carbon Black agents. The discovery happens in Carbon Black, and as part of the discovery, it will monitor multiple Carbon Black agents. Deployment is on hybrid cloud VM cloud on AWS.

What is most valuable?

Technical support is excellent. It's also stable, scalable, and easy to implement.

What needs improvement?

In the next release, it would help if we can get better control over containers. This will help secure the containers in multiple environments. For example, we need to secure the Kubernetes containers. Apart from the admin user logging in to see container processes running, developers and operate team users should also be seeing the container's processes running.

For how long have I used the solution?

I have been using Carbon Black CB Defense for the past year.

What do I think about the stability of the solution?

Carbon Black CB Defense is a stable product.

What do I think about the scalability of the solution?

Carbon Black CB Defense is a scalable product.

How are customer service and technical support?

We have extended support from the IT technical team and the engineering team from VMware. Their support is excellent. I don't see any issue with technical support.

How was the initial setup?

The initial setup and installation are straightforward. Typically it takes just two days to set up Carbon Black agents for the post cloud. A team of about 15 technical people deployed this solution.

What about the implementation team?

There is a very big team from VMware, including VMware support, who implemented this solution. 

What's my experience with pricing, setup cost, and licensing?

The licensing costs depend on how many policies you have on the extended module for CB. We pay between $5,000 to $7,000 for a license for the Carbon Black monitoring agents.

What other advice do I have?

On a scale from one to ten, I would give Carbon Black CB Defense a seven.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
MS
IT Infrastructure - Global Head at a comms service provider with 10,001+ employees
Real User
Top 20
Good security with a straightforward setup but requires better compatibility with other solutions

Pros and Cons

  • "The initial setup is pretty straightforward."
  • "The solution needs better overall compatibility with other products."

What is our primary use case?

We primarily use the solution as endpoint security.

What is most valuable?

The security, specifically the endpoint security that the solution provides, is its most valuable aspect.

The initial setup is pretty straightforward.

What needs improvement?

The solution needs better overall compatibility with other products.

For how long have I used the solution?

I've been using the solution for less than a year. I've only really been using it for the last one or two quarters of this fiscal year. It hasn't been a very long time yet.

What do I think about the stability of the solution?

The solution is quite stable. We find it to be a reliable product. There aren't bugs or glitches. It doesn't crash or freeze.

What do I think about the scalability of the solution?

The solution can scale if you need it to. That's not a problem at all.

We have more than 10,000 people using the solution currently.

How are customer service and technical support?

When it comes to technical support, so far it's been good. We've been pretty satisfied with their level of support. They are responsive and knowledgeable and we know we can get help when we need it.

Which solution did I use previously and why did I switch?

We were not using any other product before we started using this solution. That said, we registered for other products too and finally decided to go with Carbon Black after trying out other options.

How was the initial setup?

The initial setup isn't really complex. It's pretty straightforward. Those implementing the solution shouldn't have a problem getting it up and running.

The deployment only really took a few months. It was an okay process.

You need very little maintenance on the product. We have about two people here who manage it without any issues.

What other advice do I have?

We're just a customer. We don't have any business affiliation with Carbon Black.

We're currently using the latest version of the solution.

Overall, I would rate the solution seven out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CS
Assistant Technical Manager at a tech services company with 11-50 employees
Reseller
Top 5
Triage feature shows the whole chain of malware

Pros and Cons

  • "The triage feature that shows you the whole chain of the malware is useful."
  • "When you view the triage, it will show you everything within a given time frame, and not only the attack that caused the alert, which is what I want to see. It shows you all the events during that time, and that can be quite confusing."

What is our primary use case?

We are a distributor of Carbon Black in Asia. Generally our customers are looking for endpoint features such as EDR (endpoint detection and response). Their existing solutions are usually from another vendor that has provided a normal antivirus solution. They are looking for endpoint protection and detection and response.

What is most valuable?

  • The triage feature that shows you the whole kill chain of the attack/malware is useful. It shows how the malware gets into the endpoints and shows what it has done.
  • The solution is easy to use and easy to deploy, as it is a cloud solution; no appliance is needed to deploy on premises.

What needs improvement?

When you view the triage, it will show you everything within a given time frame, and not only the attack that caused the alert, which is what I want to see. It shows you all the events during that time, and that can be quite confusing. If they could focus on the alert and the event that the user wants to see, that would be better.

There is also room for improvement on the reporting side, because it doesn't have reports. Many of our customers would prefer some kind of exportable report, like a summary. Carbon Black should have this feature.

What do I think about the stability of the solution?

We haven't encountered any bugs.

How are customer service and technical support?

I have not needed to contact their technical support yet.

How was the initial setup?

The setup and configuration are very straightforward. The time it takes depends on the number of endpoints. For one endpoint, it takes a few minutes, tops.

What's my experience with pricing, setup cost, and licensing?

Although I'm more on the technical side and not involved in the pricing, it's more or less the same as other similar solutions.

What other advice do I have?

I would recommend this product to other people.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor.
KarthikR1
Senior Software Engineer at NCR Corporation
Real User
Top 20
We can instantly respond if a false positive occurs

Pros and Cons

  • "The product allows us to focus on endpoint and antivirus protection."
  • "The GUI and reporting should be addressed and the product's administration features need fine tuning."

What is our primary use case?

While there is an IR team that is responsible for managing EDR or deep analytics, our focus is on endpoint and antivirus protection. This is where we encounter signature updates. We look for false positives in their relation to file interpretation. Should anything occur, we can instantly respond. Instead of sending a sample and getting coverage, we can put a policy and place an immediate stop on the false positives.

What needs improvement?

While I consider the product to be top notch and am happy with it, its reporting aspects need to be addressed.

I would definitely recommend Carbon Black CB Defense to others who are contemplating using it, but its administration features need fine tuning. I believe this is already being addressed so that gaps can be filled as these relate to other leading technologies on the market.

The GUI and reporting should also be addressed.

For how long have I used the solution?

We have been using Carbon Black CB Defense for the past seven to eight months.

How are customer service and technical support?

I have not had occasion to make use of technical support, although I may have in the future, as I am the product person who is working with another experienced team and there is a process under way to migrate from McAfee to Carbon Black CB Defense. 

How was the initial setup?

The initial setup was a bit difficult since we had to do it manually or through the use of a script.

What's my experience with pricing, setup cost, and licensing?

The price for the solution is completely at government level, meaning one which is very high, although it is up to management to consider this criteria.

What other advice do I have?

Our company has over a thousand people who utilize the product. Going forward, everything will be managed by Carbon Black CB Defense.

I would rate it an eight out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.